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CLAIMS 

What is claimed is: 



1 1 . A method of secure key exchange between a first entity and a second 

2 entity comprising: 

3 generating, by the first entity, a first key, encrypting the first key with a 

4 public key of a third entity, and storing the encrypted first key in the third entity; 

5 generating, by the second entity, a second key, encrypting the second key 

6 with the public key of the third entity, and storing the encrypted second key in the 

7 third entity; 

8 decrypting, by the third entity, the encrypted first key and the encrypted 

9 second key, using the third entity's private key to obtain the first key and the 

1 0 second key; 

1 1 encrypting, by the third entity, the first key using the second key, and 

1 2 storing the first key encrypted by the second key in the third entity; 

1 3 obtaining, by the second entity, the first key encrypted by the second key, 

14 and decrypting, using the second key, the first key encrypted by the second key. 
15 

1 2. The method of claim 1 , further comprising encrypting content with the 

2 first key by the second entity and transferring the encrypted content from the 

3 second entity to the first entity. 
4 

1 3. The method of claim 1 , wherein the first entity comprises a graphics 

2 device. 
3 

1 4. The method of claim 1 , wherein the second entity comprises an 

2 application program. 
3 

1 5. The method of claim 1 , wherein the third entity comprises a trusted 

2 platform module. 
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3 

1 6. The method of claim 1 , wherein generating the first key comprises 

2 pseudorandomly generating the first key, and generating the second key 

3 comprises pseudorandomly generating the second key. 
4 

1 7. The method of claim 1 , wherein the first key and the second key 

2 comprise symmetric keys. 
3 

1 8. The method of claim 1 , further comprising signaling the first entity, by 

2 the second entity, to start the key exchange. 
3 

1 9. The method of claim 8, wherein signaling comprises storing a value in 

2 a register resident in the first entity. 

3 

1 1 0. A system for secure key exchange comprising: 

2 a third entity having a public/private key pair; 

3 a first entity to generate a first key, to encrypt the first key with the public 

4 key of the third entity, and to store the encrypted first key in the third entity; 

5 a second entity to generate a second key, to encrypt the second key with 

6 the public key of the third entity, and to store the encrypted second key in the 

7 third entity; 

8 wherein the third entity decrypts the encrypted first key and the encrypted 

9 second key using the third entity's private key to obtain the first key and the 

10 second key, encrypts the first key using the second key, and stores the first key 

1 1 encrypted by the second key in the third entity; and 

12 wherein the second entity obtains the first key encrypted by the second 

1 3 key from the third entity, and decrypts, using the second key, the first key 

14 encrypted by the second key. 
15 

1 11. The system of claim 10, wherein the first entity comprises a graphics 

2 device. 



14 



- ■ ■ " 

042390.P18507 
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1 12. The system of claim 10, wherein the second entity comprises an 

2 application program. 

3 

1 13. The system of claim 10, wherein the third entity comprises a trusted 

2 platform module. 
3 

1 14. The system of claim 13, wherein the trusted platform module 

2 comprises a first register to store the encrypted first key, a second register to 

3 store the encrypted second key, and a third register to store the first key 

4 encrypted by the second key. 
5 

1 15. The system of claim 10, wherein the first key and the second key 

2 comprise pseudorandomly generated symmetric keys. 
3 

1 16. The system of claim 10, wherein the second entity encrypts content 

2 with the first key and transfers the encrypted content to the first device. 
3 

1 17. The system of claim 10, wherein the third entity comprises an 

2 input/output pin dedicated for use by the first entity, and the first entity is coupled 

3 to the dedicated input/output pin using a buried line on a printed circuit board. 
4 

1 18. A method of secure key exchange and protected content distribution 

2 between a graphics device and an application program comprising: 

3 pseudorandomly generating, by the graphics device, a first symmetric key, 

4 encrypting the first symmetric key with a public key of a trusted platform module 

5 (TPM), and storing the encrypted first symmetric key in a first register in the 

6 TPM; 

7 pseudorandomly generating, by the application program, a second 

8 symmetric key, encrypting the second symmetric key with the public key of the 

15 
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9 TPM, and storing the encrypted second symmetric key in a second register in the 

10 TPM; 

1 1 decrypting, by the TPM, the encrypted first symmetric key and the 

12 encrypted second symmetric key using the TPM's private key to obtain the first 

13 symmetric key and the second symmetric key; 

14 encrypting, by the TPM, the first symmetric key using the second 

1 5 symmetric key, and storing the first symmetric key encrypted by the second 

1 6 symmetric key in a third register in the TPM; 

17 obtaining, by the application program, the first symmetric key encrypted by 

18 the second symmetric key from the third register, and decrypting, using the 

1 9 second symmetric key, the first symmetric key encrypted by the second 

20 symmetric key; and 

21 encrypting content, by the application program, using the first symmetric 

22 key, and sending the encrypted content to the graphics device. 
23 

1 19. The method of claim 18, further comprising signaling the graphics 

2 device, by the application program, to start the key exchange. 
3 

1 20. The method of claim 19, wherein signaling comprises storing a value 

2 in a register resident in the graphics device. 
3 

1 21 . The method of claim 18, further comprising, decrypting, by the 

2 graphics device, the encrypted content using the first symmetric key. 
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